Thanks to poorly secured backend databases, a few thousand mobile apps are leaking an abundance of sensitive data, including personal health information, plaintext passwords, and financial transactions, according to researchers.

Mobile security firm Appthority disclosed the leaks this week, pinning the blame on app developers who have failed to properly authenticate to the Google Firebase cloud database. Firebase is a mobile and web application platform acquired by Google in 2014. The platform is intended to make app development easier by doing much of the “heavy lifting” for coders.

Advertisement

More than 3,000 apps—most on Android, but at least 600 on iOS—are saving data to misconfigured Firebase databases exposed online, the researchers said.

Needless to say, in the wrong hands, this wealth of confidential data poses a serious threat to companies and consumers alike, be it via network infiltration or the theft of personal identity or proprietary corporate information.

Google provides detailed documentation on real-time use of Firebase and security rules for cloud storage, as well as security rules for Firestore, the document database for mobile developers who use Google’s cloud platform.